Sample code for 30+ languages & platforms
Delphi DLL

ZATCA Onboarding Get Compliance CSID

See more ZATCA Examples

Demonstrates sending a POST to get a compliance CSID, which is two parts: A binary security token, and a secret.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, StringBuilder, HttpResponse, Pem, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
otp: PWideChar;
pem: HCkPem;
sbCsrBase64: HCkStringBuilder;
numReplaced: Integer;
csrBase64: PWideChar;
json: HCkJsonObject;
http: HCkHttp;
resp: HCkHttpResponse;
jsonResp: HCkJsonObject;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// It is assumed you've already generated a CSR.
// Also, you'll need an OTP code, valid for 1 hour, which is generated online in the Fatoora portal.  See 
// https://zatca.gov.sa/ar/E-Invoicing/Introduction/Guidelines/Documents/E-invoicing%20Detailed%20Technical%20Guidelines.pdf

// Manually replace this with the OTP code you interactively obtained in a browser session from the Fatoora portal.
// The OTP code is valid for 1 hour.
otp := '123434';

// You should already have a CSR in a file containing something that looks like this:

// -----BEGIN CERTIFICATE REQUEST-----
// MIIB5DCCAYsCAQAwTDELMAkGA1UEBhMCU0ExFTATBgNVBAsMDFJpeWFkIEJyYW5j
// aDEQMA4GA1UECgwHQ29udG9zbzEUMBIGA1UEAwwLRUExMjM0NTY3ODkwVjAQBgcq
// hkjOPQIBBgUrgQQACgNCAAQI6op+6GQ4Gmn9oy0DpGxX0lFtUIvj+4Jtnp0VyEsH
// +ZO7lpgksbRC484R3fAsO0v+Ly24ZIUIOYEIAeJ1f6AooIHfMIHcBgkqhkiG9w0B
// CQ4xgc4wgcswIQYJKwYBBAGCNxQCBBQTElpBVENBLUNvZGUtU2lnbmluZzCBpQYD
// VR0RBIGdMIGapIGXMIGUMTswOQYDVQQEDDIxLVRTVHwyLVRTVHwzLWVkMjJmMWQ4
// LWU2YTItMTExOC05YjU4LWQ5YThmMTFlNDQ1ZjEfMB0GCgmSJomT8ixkAQEMDzMx
// MDEyMjM5MzUwMDAwMzENMAsGA1UEDAwEMTEwMDESMBAGA1UEGgwJTXlBZGRyZXNz
// MREwDwYDVQQPDAhJbmR1c3RyeTAKBggqhkjOPQQDAgNHADBEAiBurm6KdAeHfXzt
// h/jk8xSMBP4TAkkFrg+hWDhfI0/SuAIgJi8ectM7YwBIBCmf0tdFcVTU7GBbvjnK
// xValZCAO39M=
// -----END CERTIFICATE REQUEST-----

pem := CkPem_Create();
success := CkPem_LoadPemFile(pem,'c:/aaworkarea/zatca/onboarding/taxpayer.csr','');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPem__lastErrorText(pem));
    Exit;
  end;

// Get the base64 from the CSR in a single line.
sbCsrBase64 := CkStringBuilder_Create();
CkStringBuilder_Append(sbCsrBase64,CkPem__getEncodedItem(pem,'csr','','base64',0));
numReplaced := CkStringBuilder_Replace(sbCsrBase64,#13,'');
numReplaced := CkStringBuilder_Replace(sbCsrBase64,#10,'');
csrBase64 := CkStringBuilder__getAsString(sbCsrBase64);
Memo1.Lines.Add(csrBase64);

json := CkJsonObject_Create();
CkJsonObject_putEmitCompact(json,False);
CkJsonObject_UpdateSb(json,'csr',sbCsrBase64);

http := CkHttp_Create();
CkHttp_putAccept(http,'application/json');
CkHttp_SetRequestHeader(http,'OTP',otp);
CkHttp_SetRequestHeader(http,'Accept-Version','V2');
resp := CkHttpResponse_Create();
success := CkHttp_HttpJson(http,'POST','https://gw-apic-gov.gazt.gov.sa/e-invoicing/core/compliance',json,'application/json',resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Memo1.Lines.Add('response status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
    Memo1.Lines.Add('Failed');
    Exit;
  end;

jsonResp := CkJsonObject_Create();
CkHttpResponse_GetBodyJson(resp,jsonResp);

CkJsonObject_putEmitCompact(jsonResp,False);
Memo1.Lines.Add('JSON response:');
Memo1.Lines.Add(CkJsonObject__emit(jsonResp));

CkPem_Dispose(pem);
CkStringBuilder_Dispose(sbCsrBase64);
CkJsonObject_Dispose(json);
CkHttp_Dispose(http);
CkHttpResponse_Dispose(resp);
CkJsonObject_Dispose(jsonResp);

end;